Threat Actors may attempt to access credentials and other sensitive information by abusing a Windows Domain Controller's application programming interface (API) to simulate the replication process from a remote domain controller using a technique called DCSync.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.